[ubuntu/utopic-security] php5 5.5.12+dfsg-2ubuntu4.4 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon Apr 20 15:39:57 UTC 2015
php5 (5.5.12+dfsg-2ubuntu4.4) utopic-security; urgency=medium
* SECURITY UPDATE: potential remote code execution vulnerability when
used with the Apache 2.4 apache2handler
- debian/patches/bug69218.patch: perform proper cleanup in
sapi/apache2handler/sapi_apache2.c.
- CVE number pending
* SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
- debian/patches/bug69441.patch: check lengths in
ext/phar/phar_internal.h.
- CVE number pending
* SECURITY UPDATE: heap overflow in regexp library
- debian/patches/CVE-2015-2305.patch: check for overflow in
ext/ereg/regex/regcomp.c.
- CVE-2015-2305
* SECURITY UPDATE: move_uploaded_file filename restriction bypass
- debian/patches/CVE-2015-2348.patch: handle nulls in
ext/standard/basic_functions.c.
- CVE-2015-2348
* SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
- debian/patches/CVE-2015-2783.patch: properly check lengths in
ext/phar/phar.c, ext/phar/phar_internal.h.
- CVE-2015-2783
* SECURITY UPDATE: arbitrary code exection via process_nested_data
use-after-free
- debian/patches/CVE-2015-2787.patch: fix logic in
ext/standard/var_unserializer.*.
- CVE-2015-2787
Date: 2015-04-17 11:35:13.521979+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the Utopic-changes
mailing list